Azure AD supported with SAML module

Hi, I have the SAML module configured successfully with ADFS, but is Azure AD supported as well? I cannot activate that alias. It results in this error (replaced UUID): Unable to activate the SAML configuration, because of the following error: Unable to load the IdP Keystore, the following certificates are conflicting for Idp: https://sts.windows.net/<UUID>/ - CN=accounts.accesscontrol.windows.net

Regards, Paul
1 answer

I haven't worked with Azure AD, but theoretically if Azure AD follows the SAML 2.0 standard there shouldn't be a problem.

Regarding your error, first some background info: the SAML module relies on the certificate CN/alias to identify the certificate. Based on the alias, the module will choose the correct certificate and use it for signing or encrypting the information shared with the IdP.

The error you are getting is caused by the module finding two certificates with the name CN=accounts.accesscontrol.windows.net; even though these certificates share the same name, they are not identical.
The SAML module does allow the same certificate to be used in multiple places, but the certificate must be identical.

Did you manually add any certificates to your project? SAML uses the project keystore, so if you upload a certificate in your project/cloud settings, that could cause this conflict.
If you aren't doing that, and the only certificates in use are the ones coming through the IdP, I would say that your IdP is including 'incorrect' certificates.
It seems your IdP metadata file contains two certificates with the same name but with a different cipher.


If you share the IdP metadata information, I could help you review it and tell you if there is anything you can do to correct this.

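As an added example (not part of this thread and not code from the SAML module being discussed), the check below reproduces the diagnosis in the answer: it reads the X509Certificate entries from an IdP metadata document, computes a fingerprint for each certificate, and reports every subject CN that maps to more than one distinct certificate. Identical copies of the same certificate under one CN are tolerated, as the answer says the module does. The metadata is constructed inline with freshly generated self-signed certificates, the CN accounts.accesscontrol.windows.net mirrors the one in the question, and the entityID UUID is an all-zero placeholder; the metadata layout (EntityDescriptor > IDPSSODescriptor > KeyDescriptor > KeyInfo > X509Data > X509Certificate) is the standard SAML 2.0 metadata shape, not something taken from the thread.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/hex"
	"encoding/xml"
	"fmt"
	"math/big"
	"sort"
	"strings"
	"time"
)

// entityDescriptor models only the part of SAML 2.0 IdP metadata we need:
// every <KeyDescriptor> carries a base64-encoded DER certificate.
// Field tags without a namespace match the md:/ds: prefixed elements too.
type entityDescriptor struct {
	EntityID string   `xml:"entityID,attr"`
	Certs    []string `xml:"IDPSSODescriptor>KeyDescriptor>KeyInfo>X509Data>X509Certificate"`
}

// certInfo pairs the name the module uses as keystore alias (the subject CN)
// with a fingerprint that identifies the actual certificate bytes.
type certInfo struct {
	Subject     string
	Fingerprint string // hex SHA-256 over the DER encoding
}

// parseMetadataCerts extracts and parses every certificate in the metadata.
func parseMetadataCerts(metadata []byte) ([]certInfo, error) {
	var ed entityDescriptor
	if err := xml.Unmarshal(metadata, &ed); err != nil {
		return nil, fmt.Errorf("metadata is not well-formed XML: %w", err)
	}
	var out []certInfo
	for i, b64 := range ed.Certs {
		// Real metadata wraps the base64 across lines; drop all whitespace first.
		der, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(b64), ""))
		if err != nil {
			return nil, fmt.Errorf("certificate %d: bad base64: %w", i, err)
		}
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, fmt.Errorf("certificate %d: not a valid X.509 certificate: %w", i, err)
		}
		sum := sha256.Sum256(der)
		out = append(out, certInfo{Subject: cert.Subject.CommonName, Fingerprint: hex.EncodeToString(sum[:])})
	}
	return out, nil
}

// conflictingAliases returns each CN that is backed by more than one distinct
// certificate, with the sorted fingerprints involved. A CN that appears several
// times with byte-identical certificates is not a conflict.
func conflictingAliases(certs []certInfo) map[string][]string {
	byCN := map[string]map[string]bool{}
	for _, c := range certs {
		if byCN[c.Subject] == nil {
			byCN[c.Subject] = map[string]bool{}
		}
		byCN[c.Subject][c.Fingerprint] = true
	}
	conflicts := map[string][]string{}
	for cn, fps := range byCN {
		if len(fps) > 1 {
			for fp := range fps {
				conflicts[cn] = append(conflicts[cn], fp)
			}
			sort.Strings(conflicts[cn])
		}
	}
	return conflicts
}

// selfSigned generates a throwaway self-signed certificate for the sample data.
func selfSigned(cn string) string {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return base64.StdEncoding.EncodeToString(der)
}

// sampleMetadata builds constructed IdP metadata: the same CN twice with
// different keys (the conflict from the question), one identical duplicate
// (allowed), and one unrelated CN. The entityID UUID is a placeholder.
func sampleMetadata() []byte {
	a := selfSigned("accounts.accesscontrol.windows.net")
	b := selfSigned("accounts.accesscontrol.windows.net") // same CN, different key
	c := selfSigned("idp.example.test")
	var sb strings.Builder
	sb.WriteString(`<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">` + "\n<md:IDPSSODescriptor>\n")
	for _, cert := range []string{a, a, b, c} { // 'a' listed twice on purpose
		fmt.Fprintf(&sb, "<md:KeyDescriptor use=\"signing\"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>\n", cert)
	}
	sb.WriteString("</md:IDPSSODescriptor>\n</md:EntityDescriptor>\n")
	return []byte(sb.String())
}

func main() {
	certs, err := parseMetadataCerts(sampleMetadata())
	if err != nil {
		panic(err)
	}
	for cn, fps := range conflictingAliases(certs) {
		fmt.Printf("conflicting alias CN=%s backed by %d distinct certificates:\n", cn, len(fps))
		for _, fp := range fps {
			fmt.Println("  sha256:", fp)
		}
	}
}
```

Point parseMetadataCerts at the real metadata document instead of sampleMetadata() to see which fingerprints collide under one CN; the same routine run over the certificates uploaded in the project/cloud settings shows whether the duplicate came from there rather than from the IdP.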